7.1
CVE-2025-15239 - Quanta Computer|QOCA aim AI Medical Cloud Platform - SQL Injection
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
5.3
CVE-2026-0581 - Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be …
7.1
CVE-2025-15238 - Quanta Computer|QOCA aim AI Medical Cloud Platform - SQL Injection
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
4.8
CVE-2025-15022 - Cross-site scripting in Action caption
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed versio…
5.3
CVE-2025-15237 - Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.
5.3
CVE-2025-15236 - Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.
5.1
CVE-2026-0580 - SourceCodester API Key Manager App Import Key cross site scripting
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely.
7.1
CVE-2025-15235 - Quanta Computer|QOCA aim AI Medical Cloud Platform - Missing Authorization
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files.
8.7
CVE-2025-15462 - UTT 进取 520W ConfigAdvideo strcpy buffer overflow
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigAdvideo. The manipulation of the argument timestart leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public …
8.7
CVE-2025-15461 - UTT 进取 520W formTaskEdit strcpy buffer overflow
A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. …